package com.cans.security.browser.config;

import com.cans.security.browser.filter.SsoAuthenticationFilter;
import com.cans.security.browser.service.api.ICustomUserService;
import com.cans.security.properties.CansSecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

/**
 * description: spring Security配置
 * @author cans
 * @date 2018/1/16
 */
@Configuration
@EnableWebSecurity
public class CansSecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Resource
    private AuthenticationSuccessHandler cansAuthenticationSuccessHandler;
    @Resource
    private AuthenticationFailureHandler cansAuthenticationFailureHandler;
    @Resource
    private ICustomUserService userDetailsService;
    @Resource
    private CansSecurityProperties cansSecurityProperties;


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);

    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // 此配置处理返回不能放在iframe中的问题
        http.headers().frameOptions().disable();
        http.csrf().disable();

        http.cors()
                .and().authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll()
                // 静态资源放行
                .and().authorizeRequests().antMatchers("/static/**").permitAll()
                // 首页不拦截
                .and().authorizeRequests().antMatchers("/").permitAll()
                // 单点登录不拦截
                .and().authorizeRequests().antMatchers("/sso/ticket").permitAll()
                // 加载配置
                // 其它所有资源必须登录后访问
                .and().authorizeRequests().anyRequest().authenticated()
                // 注销地址
                .and().logout().logoutUrl(cansSecurityProperties.getBrowser().getLogoutUrl()).permitAll()
                .and().formLogin().loginPage(cansSecurityProperties.getBrowser().getSsoServerUrl() +
                "/sso/ssoLogin?redirectUrl=http://localhost:8081/sso/ticket").permitAll()
                .and().formLogin().loginProcessingUrl("/login")
                .and().formLogin().successForwardUrl("/home/index")
                // 授权地址
                .and().formLogin().successHandler(cansAuthenticationSuccessHandler)
                .and().formLogin().failureHandler(cansAuthenticationFailureHandler)
                .and().formLogin().permitAll();

        // 添加自定义拦截器在指定拦截器位置
        SsoAuthenticationFilter ssoAuthenticationFilter = new SsoAuthenticationFilter();
        ssoAuthenticationFilter.setSsoServerUrl(cansSecurityProperties.getBrowser().getSsoServerUrl());
        ssoAuthenticationFilter.setCustomUserService(userDetailsService);
        ssoAuthenticationFilter.setAuthenticationManager(authenticationManager());
        http.addFilterAt(ssoAuthenticationFilter,UsernamePasswordAuthenticationFilter.class);

    }

}
